创建一个保证数据安全的网络服务?
[英]Create a webservice that keeps data secure?
问题描述
I want to create a webservice that allows users to enter the longitude and latitude for a particular building.
我想创建一个网络服务,允许用户输入特定建筑物的经度和纬度。 Buildings will belong to a broader category called a Region.建筑物将属于一个更广泛的类别,称为区域。 If a specific building does not exist in a region the user could add the longitude and latitude data through the webservice.如果某个地区不存在特定建筑物,用户可以通过网络服务添加经度和纬度数据。 Similarly if a user finds data to be inaccurate, they could update it.同样,如果用户发现数据不准确,他们可以更新它。
This webservice would not need to have a web front-end only a RESTful API that would only be accessible to my application(s).此 Web 服务不需要 web 前端,只有一个 RESTful API 只能由我的应用程序访问。 I want the webservice to be able to accept new and updated data (as described above) and also print out relevant data (in xml format) based on the appropriate API calls.我希望网络服务能够接受新的和更新的数据(如上所述),并根据适当的 API 调用打印出相关数据(以 xml 格式)。
I need to ensure that this data would be secure - ie nobody would be able to gain access to the data i have accumulated.我需要确保这些数据是安全的——即没有人能够访问我积累的数据。
What is the best way to do this?做这个的最好方式是什么? I have familiar with client side Java and not much server side technology (not familiar with server-side Java, rails, django, etc...).我熟悉客户端 Java 而不是很多服务器端技术(不熟悉服务器端 Java、rails、django 等...)。 What language/frameworks should i use that would accomplish my needs with the shallowest learning curve?我应该使用什么语言/框架来以最浅的学习曲线满足我的需求?
3 个解决方案
解决方案1
2 2009-06-18 00:55:06
You can just use basic authentication (username/pw) with ssl enabled.您可以只使用启用 ssl 的基本身份验证(用户名/密码)。 That way you are encrypting the connection and providing a broadly supported means of authentication.这样您就可以加密连接并提供广泛支持的身份验证方式。 I believe apache Axis will take care of most of it for you.我相信 apache Axis 会为您解决大部分问题。
解决方案2
2 2009-06-18 03:16:11
I've used the Restlet framework to deploy web services that are password protected.我使用Restlet框架部署了受密码保护的 web 服务。 It supports basic authentification and several others out of the box.它支持基本身份验证和其他几个开箱即用的身份验证。 You can also set up your services behind an https "server connector".您还可以在 https“服务器连接器”后面设置您的服务。
Another approach is to run your application in a Java EE application server which supports JSR 196 (eg, Glassfish or JBoss).另一种方法是在支持 JSR 196(例如 Glassfish 或 JBoss)的 Java EE 应用程序服务器中运行您的应用程序。 You would then use the server's facilities to establish the authentication.然后您将使用服务器的设施来建立身份验证。
Here is the Glassfish security page .这是Glassfish 安全页面。
解决方案3
1 已采纳
If you have never programmed server-side code you will be facing a pretty steep learning curve, I'm afraid.如果您从未编写过服务器端代码,恐怕您将面临一个非常陡峭的学习曲线。 If you are comfortable with Java then the Restlet framework mentioned by another commenter is a good choice.如果您对 Java 感到满意,那么另一位评论者提到的 Restlet 框架是一个不错的选择。 It is easy to use, includes both client and server tools, and has pretty decent documentation.它易于使用,包括客户端和服务器工具,并且有相当不错的文档。 The video screencasts are very good.视频截屏非常好。
Another option is Ruby on Rails.另一个选择是 Ruby on Rails。 I am currently implementing something very similar to what you are planning and Rails has worked extremely well.我目前正在实施与您计划的非常相似的东西,并且 Rails 运行得非常好。 Rails has built-in support for XML output through both the ActiveRecord class and XML Builder templates. Rails 通过 ActiveRecord class 和 XML Builder 模板内置了对 XML output 的支持。 I used Atom Authentication ( http://www.xml.com/pub/a/2003/12/17/dive.html ) between the client and server and it is working beautifully.我在客户端和服务器之间使用了 Atom 身份验证 ( http://www.xml.com/pub/a/2003/12/17/dive.html ),它运行良好。 There is a learning curve for both Ruby and Rails but the power of the framework makes it worth it. Ruby 和 Rails 都有一个学习曲线,但框架的强大功能使其值得。 I am partial to the Ruby and Rails books at The Pragmatic Programmer but O'Reilly has some good ones, too.我偏爱 The Pragmatic Programmer 的 Ruby 和 Rails 书籍,但 O'Reilly 也有一些不错的书籍。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.